For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the internet. We've just lost an important battle. On Jan. 18, when President Donald Trump signed the renewal of Section 702, domestic mass surveillance effectively became a permanent part of U.S. law.

Section 702 was passed in 2008 as an amendment to the Foreign Intelligence Surveillance Act of 1978. It was billed as a way for the National Security Agency to spy on non-Americans located outside the United States. It was supposed to be an efficiency and cost-saving measure.

The problem is that this authority also allowed the NSA to collect foreign communications and data in a way that swept up Americans' communications as well, without a warrant. Other law enforcement agencies may ask the NSA to search those communications, give their contents to the FBI and other agencies, and then lie about their origins in court.

In 1978, after Watergate had revealed the Nixon administration's abuses of power, we erected a wall between intelligence and law enforcement that prevented this kind of sharing of surveillance data under any authority less restrictive than the Fourth Amendment. Weakening that wall is incredibly dangerous, and the NSA should never have been given this authority in the first place.

Arguably, it never was. The NSA had done these types of surveillance illegally for years. Section 702 was secretly used as a way to paper over that illegal collection, but nothing in the text of the later amendment gives this authority to the NSA.

Civil libertarians have battled this law in both Congress and the courts ever since it was proposed. What this most recent vote tells me is that we've lost the fight.

Section 702 was passed in 2008 under George W. Bush, reauthorized in 2012 under Barack Obama, and now is reauthorized again under Trump. It's inconceivable that it will ever be repealed.

So what do we do? There are, it turns out, reasonable modifications that target surveillance more generally, and not in terms of any particular statutory authority.

First, we must strengthen the minimization procedures to limit “incidental” collection. The intelligence community needs much stronger restrictions on which American communications channels it can access without a court order. Second, we must limit how other law enforcement agencies can use data collected incidentally. Today, those agencies can query a database of incidental collection on Americans and the NSA can legally pass information to those agencies. This must stop. Third, we must end what's called “parallel construction.” When a law enforcement agency uses evidence found in this NSA database to arrest someone, it doesn't have to disclose that fact in court.

This problem exists primarily because internet companies collect and retain personal data, which they allow to be sent across the network with minimal security. Since the government has abdicated its responsibility to protect our privacy and security, tech companies need to step up: Minimize data collection. Don't save data longer than necessary. Encrypt what has to be saved.

It's important not to give up hope. Everything we do to keep the issue in the public eye hastens the day when we will reaffirm our rights to privacy in the digital age.

Bruce Schneier is a security technologist and a lecturer at the Kennedy School of Government at Harvard University. His latest book is “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.”

You are solely responsible for your comments and by using TribLive.com you agree to our
Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent
via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.